Remote entry system

ABSTRACT

A system is disclosed for providing secure access to a controlled item, the system comprising a database of biometric signatures, a transmitter subsystem comprising a biometric sensor for receiving a biometric signal, means for matching the biometric signal against members of the database of biometric signatures to thereby output an accessibility attribute, and means for emitting a secure access signal conveying information dependent upon said accessibility attribute, wherein the secure access signal comprises one of at least a rolling code, an encrypted Bluetooth™ protocol, and a WiFi™ protocol, and a receiver sub-system comprising means for receiving the transmitted secure access signal and means for providing conditional access to the controlled item dependent upon said information.

CROSS-REFERENCE TO RELATED APPLICATIONS

This application is a continuation patent application of U.S.Non-Provisional application Ser. No. 10/568,207 for REMOTE ENTRY SYSTEM,filed Jun. 4, 2008, the disclosure of which is incorporated by referencein its entirety.

FIELD OF THE INVENTION

The present invention relates to secure access systems and, inparticular, to systems using wireless transmission of security codeinformation.

BACKGROUND

FIG. 1 shows a prior art arrangement for providing secure access. A user401 makes a request, as depicted by an arrow 402, directed to a codeentry module 403. The module 403 is typically mounted on the externaljamb of a secure door. The request 402 is typically a secure code ofsome type which is compatible with the code entry module 403. Thus, forexample, the request 402 can be a sequence of secret numbers directed toa keypad 403. Alternately, the request 402 can be a biometric signalfrom the user 401 directed to a corresponding biometric sensor 403. Oneexample of a biometric signal is a fingerprint. Other physicalattributes that can be used to provide biometric signals include voice,retinal or iris pattern, face pattern, palm configuration and so on.

The code entry module 403 conveys the request 402 by sending acorresponding signal, as depicted by an arrow 404, to a controller 405which is typically situated in a remote or inaccessible place. Thecontroller 405 authenticates the security information provided by theuser 401 by interrogating a database 407 as depicted by an arrow 406. Ifthe user 401 is authenticated, and has the appropriate accessprivileges, then the controller 405 sends an access signal, as depictedby an arrow 408, to a device 409 in order to provide the desired access.The device 409 can, for example, be the locking mechanism of a securedoor, or can be an electronic lock on a personal computer (PC) which theuser 401 desires to access.

A proximity card can also be used to emit the request 402, in which casethe code entry module 403 has appropriate functionality.

Although the request 402 can be made secure, either by increasing thenumber of secret digits or by using a biometric system, thecommunication infrastructure in FIG. 1 is typically less secure. Theinfrastructure 400 is generally hardwired, with the code entry module403 generally being mounted on the outside jamb of a secured door. Insuch a situation, the signal path 404 can be over a significant distancein order to reach the controller 405. The path 404 represents one weakpoint in the security system 400, providing an unauthorised person withrelatively easy access to the information being transmitted between thecode entry module 403 and the controller 405. Such an unauthorisedperson can, given this physical access, decipher the communicatedinformation between the code entry module 403 and the controller 405.This captured information can be deciphered, replayed in order to gainthe access which rightfully belongs to the user 401, or to enablemodification for other subversive purposes.

Current systems as depicted in FIG. 1 utilise a communication protocolcalled “Wiegand” for communication between the code entry module 403 andthe controller 405. The Wiegand protocol is a simple one-way dataprotocol that can be modified by increasing or decreasing the bit countto ensure uniqueness of the protocol among different security companies.The Wiegand protocol does not secure the information being sent betweenthe code entry module 403 and the controller 405.

More advanced protocols such as RS 485 have been used in order toovercome the vulnerability of the Wiegand protocol over the longdistance route 404. RS 485 is a duplex protocol offering encryptioncapabilities at both the transmitting and receiving ends, i.e. the codeentry module 403 and the controller 405 respectively in the presentcase. The length of the path 404 nonetheless provides an attack pointfor the unauthorised person.

Due to the cost and complexity of re-wiring buildings and facilities,security companies often make use of existing communication cabling wheninstalling and/or upgraded security systems, thereby maintaining thevulnerability described above.

SUMMARY

It is an object of the present invention to substantially overcome, orat least ameliorate, one or more disadvantages of existing arrangements.

According to a first aspect of the present invention, there is provideda system for providing secure access to a controlled item, the systemcomprising:

a database of biometric signatures;

a transmitter subsystem comprising:

a biometric sensor for receiving a biometric signal;

means for matching the biometric signal against members of the databaseof biometric signatures to thereby output an accessibility attribute;and

means for emitting a secure access signal conveying informationdependent upon said accessibility attribute, wherein the secure accesssignal comprises one of at least a rolling code, an encrypted Bluetooth™protocol, and a WiFi™ protocol; and a receiver sub-system comprising;

means for receiving the transmitted secure access signal; and

means for providing conditional access to the controlled item dependentupon said information.

According to another aspect of the present invention, there is provideda transmitter sub-system for operating in a system for providing secureaccess to a controlled item, the system comprising a database ofbiometric signatures, a receiver sub-system comprising means forreceiving a secure access signal transmitted by the transmittersub-system, and means for providing conditional access to the controlleditem dependent upon information conveyed in the secure access signal;wherein the transmitter subsystem comprises:

a biometric sensor for receiving a biometric signal;

means for matching the biometric signal against members of the databaseof biometric signatures to thereby output an accessibility attribute;and

means for emitting the secure access signal conveying said informationdependent upon said accessibility attribute, wherein the secure accesssignal comprises one of at least a rolling code, an encrypted Bluetooth™protocol, and a WiFi™ protocol.

According to another aspect of the present invention, there is providedreceiver sub-system for operating in a system for providing secureaccess to a controlled item, the system comprising a database ofbiometric signatures, a transmitter subsystem comprising a biometricsensor for receiving a biometric signal, means for matching thebiometric signal against members of the database of biometric signaturesto thereby output an accessibility attribute, and means for emitting asecure access signal conveying information dependent upon saidaccessibility attribute, wherein the secure access signal comprises oneof at least a rolling code, an encrypted Bluetooth™ protocol, and aWiFi™ protocol; wherein the receiver sub-system comprises;

means for receiving the transmitted secure access signal; and

means for providing conditional access to the controlled item dependentupon said information.

According to another aspect of the present invention, there is provideda method for providing secure access to a controlled item, the methodcomprising the steps of:

receiving a biometric signal;

matching the biometric signal against members of a database of biometricsignatures to thereby output an accessibility attribute;

emitting a secure access signal conveying information dependent uponsaid accessibility attribute, wherein the secure access signal comprisesone of at least a rolling code, an encrypted Bluetooth™ protocol, and aWiFi™ protocol; and

providing conditional access to the controlled item dependent upon saidinformation.

According to another aspect of the present invention, there is provideda method for populating a database of biometric signatures in a systemfor providing secure access to a controlled item, the system comprisingsaid database of biometric signatures, a transmitter subsystemcomprising a biometric sensor for receiving a biometric signal, andmeans for emitting a secure access signal, and a receiver sub-systemcomprising means for receiving the transmitted secure access signal, andmeans for providing conditional access to the controlled item dependentupon information in said secure access signal, said method comprisingthe steps of:

receiving a series of entries of the biometric signal;

determining at least one of the number of said entries and a duration ofeach said entry;

mapping said series into an instruction; and

populating the database according to the instruction.

According to another aspect of the present invention, there is provideda method for transmitting a secure access signal in a system forproviding secure access to a controlled item, the system comprising adatabase of biometric signatures, a receiver sub-system comprising meansfor receiving the secure access signal transmitted by a transmittersub-system, and means for providing conditional access to the controlleditem dependent upon information conveyed in the secure access signal,said method comprising the steps of:

receiving a biometric sensor by biometric signal;

matching the biometric signal against members of the database ofbiometric signatures to thereby output an accessibility attribute; and

emitting the secure access signal conveying said information dependentupon said accessibility attribute, wherein the secure access signalcomprises one of at least a rolling code, an encrypted Bluetooth™protocol, and a WiFi™ protocol.

According to another aspect of the present invention, there is provideda method for receiving a secure access signal in a system for providingsecure access to a controlled item, the system comprising a database ofbiometric signatures, a transmitter subsystem comprising a biometricsensor for receiving a biometric signal, means for matching thebiometric signal against members of the database of biometric signaturesto thereby output an accessibility attribute, and means for emitting asecure access signal conveying information dependent upon saidaccessibility attribute, wherein the secure access signal comprises oneof at least a rolling code, an encrypted Bluetooth™ protocol, and aWiFi™ protocol, said method comprising the steps of:

receiving the transmitted secure access signal; and

providing conditional access to the controlled item dependent upon saidinformation.

According to another aspect of the present invention, there is provideda computer program product having a computer readable medium having acomputer program recorded therein for directing a processor to providesecure access to a controlled item, said computer program productcomprising:

code for receiving a biometric signal;

code for matching the biometric signal against members of a database ofbiometric signatures to thereby output an accessibility attribute;

code for emitting a secure access signal conveying information dependentupon said accessibility attribute, wherein the secure access signalcomprises one of at least a rolling code, an encrypted Bluetooth™protocol, and a WiFi™ protocol; and

code for providing conditional access to the controlled item dependentupon said information.

According to another aspect of the present invention, there is provideda computer program product having a computer readable medium having acomputer program recorded therein for directing a processor to populatea database of biometric signatures in a system for providing secureaccess to a controlled item, said computer program product comprising:

code for receiving a series of entries of the biometric signal;

code for determining at least one of the number of said entries and aduration of each said entry;

code for mapping said series into an instruction; and

code for populating the database according to the instruction.

According to another aspect of the present invention, there is provideda computer program product having a computer readable medium having acomputer program recorded therein for directing a processor to transmita secure access signal in a system for providing secure access to acontrolled item, said computer program product comprising:

code for receiving a biometric sensor by biometric signal;

code for matching the biometric signal against members of the databaseof biometric signatures to thereby output an accessibility attribute;and

code for emitting the secure access signal conveying said informationdependent upon said accessibility attribute, wherein the secure accesssignal comprises one of at least a rolling code, an encrypted Bluetooth™protocol, and a WiFi™ protocol.

According to another aspect of the present invention, there is provideda computer program product having a computer readable medium having acomputer program recorded therein for directing a processor to receive asecure access signal in a system for providing secure access to acontrolled item, said computer program product comprising:

code for receiving the transmitted secure access signal; and

code for providing conditional access to the controlled item dependentupon said information.

According to another aspect of the present invention, there is provideda system for providing secure access, the system comprising:

a biometric sensor for authenticating the identity of a user;

a transmitter for transmitting information using a secure wirelesssignal dependent upon a request from the user and the authentication ofthe user identity; and

a control panel for receiving the information and for providing thesecure access requested.

Other aspects of the invention are also disclosed.

BRIEF DESCRIPTION OF THE DRAWINGS

Some aspects of the prior art and one or more embodiments of the presentinvention are described with reference to the drawings, in which:

FIG. 1 shows a prior art arrangement for providing secure access;

FIG. 2 is a functional block diagram of an arrangement for providingsecure access according to the present disclosure;

FIG. 3 shows an example of a method of operation of the remote controlmodule of FIG. 2;

FIG. 4 shows an example of a method of operation of the (fixed) controldevice of FIG. 2;

FIG. 5 shows incorporation of a protocol converter into the arrangementof FIG. 2; and

FIG. 6 shows another example of how the remote access system operates;

FIG. 7 shows an access process relating to the example of FIG. 6;

FIG. 8 shows one enrolment process relating to the example of FIG. 6;

FIG. 9 shows another enrolment process relating to the example of FIG.6; and

FIG. 10 is a schematic block diagram of the system in FIG. 2.

DETAILED DESCRIPTION INCLUDING BEST MODE

It is to be noted that the discussions contained in the “Background”section relating to prior art arrangements relate to discussions ofdocuments or devices which form public knowledge through theirrespective publication and/or use. Such should not be interpreted as arepresentation by the present inventor(s) or patent applicant that suchdocuments or devices in any way form part of the common generalknowledge in the art.

Where reference is made in any one or more of the accompanying drawingsto steps and/or features, which have the same reference numerals, thosesteps and/or features have for the purposes of this description the samefunction(s) or operation(s), unless the contrary intention appears.

FIG. 2 is a functional block diagram of an arrangement for providingsecure access according to the present disclosure. A user 101 makes arequest, as depicted by an arrow 102, to a code entry module 103. Thecode entry module 103 includes a biometric sensor 121 and the request102 takes a form which corresponds to the nature of the sensor 121 inthe module 103. Thus, for example, if the biometric sensor 121 in thecode entry module 103 is a fingerprint sensor, then the request 102typically takes the form of a thumb press on a sensor panel (not shown)on the code entry module 103.

The code entry module 103 interrogates, as depicted by an arrow 104, auser identity database 105. Thus for example if the request 102 is thethumb press on the biometric sensor panel 121 then the user database 105contains biometric signatures for authorised users against which therequest 102 can be authenticated. If the identity of the user 101 isauthenticated successfully, then the code entry module 103 sends asignal 106 to a controller/transmitter 107. The controller/transmitter107 checks, as depicted by an arrow 112, the current rolling code in adatabase 113. The controller 107 then updates the code and sends theupdated code, this being referred to as an access signal, as depicted byan arrow 108 to a controller 109. The rolling code protocol offersnon-replay encrypted communication.

The controller 109 tests the rolling code received in the access signal108 against the most recent rolling code which has been stored in adatabase 115, this testing being depicted by an arrow 114. If theincoming rolling code forming the access signal 108 is found to belegitimate, then the controller 109 sends a command, as depicted by anarrow 110, to a controlled item 111. The controlled item 111 can be adoor locking mechanism on a secure door, or an electronic key circuit ina personal computer (PC) that is to be accessed by the user 101. It isnoted that the controller 109 contains a receiver 118 that receives thetransmitted access signal 108 and converts it into a form that isprovided, as depicted by an arrow 120, into a form that the controller109 can use.

The code entry module 103 also incorporates at least one mechanism forproviding feedback to the user 101. This mechanism can, for example,take the form or one or more Light Emitting Diodes (LEDs) 122 which canprovide visual feedback, depicted by an arrow 123 to the user 101.Alternately or in addition the mechanism can take the form of an audiosignal provided by an audio transducer 124 providing audio feedback 125.

The arrangement in FIG. 2 has been described for the case in which thesecure code in the access signal 108 used between the sub-systems 116and 117 is based upon the rolling code. It is noted that this is merelyone arrangement, and other secure codes can equally be used. Thus, forexample, either of the Bluetooth™ protocol, or the Wi Fi™ protocols canbe used.

Rolling codes provide a substantially non-replayable non-repeatable andencrypted radio frequency data communications scheme for securemessaging. These codes use inherently secure protocols and serial numberciphering techniques which in the present disclosure hide the clear textvalues required for authentication between the key fob (transmitter)sub-system 116 and the receiver/controller 118/109.

Rolling codes use a different code variant each time the transmission ofthe access signal 108 occurs. This is achieved by encrypting the datafrom the controller 107 with a mathematical algorithm, and ensuring thatsuccessive transmissions of the access signal 108 are modified using acode and/or a look-up table known to both the transmitter sub-system 116and the receiver sub-system 117. Using this approach successivetransmissions are modified, resulting in a non-repeatable data transfer,even if the information from the controller 107 remains the same. Themodification of the code in the access signal 108 for each transmissionsignificantly reduces the likelihood that an intruder can access theinformation replay the information to thereby gain entry at some latertime.

The sub-system in FIG. 2 falling to the left hand side, as depicted byan arrow 116, of a dashed line 119 can be implemented in a number ofdifferent forms. The sub-system 116 can for example be incorporated intoa remote fob (which is a small portable device carried by the user 101),or alternately can be mounted in a protected enclosure on the outsidejamb of a secured door. The sub-system 116 communicates with thesub-system 117 on the right hand side of the dashed line 119 via thewireless communication channel used by the access signal 108. Thesub-system 117 is typically located in an inaccessible area such as ahidden roof space or alternately in a suitable protected area such as anarmoured cupboard. The location of the sub-system 117 must of course beconsistent with reliable reception of the wireless access signal 108.

Although typically the communication channel uses a wirelesstransmission medium, there are instances where the channel used by theaccess signal 108 can use a wired medium. This is particularly the casewhen the transmitter sub-system 116 is mounted in an enclosure on thedoor jamb rather than in a portable key fob.

The biometric signature database 105 is shown in FIG. 2 to be part ofthe transmitter sub-system 116. However, in an alternate arrangement,the biometric signature database 105 can be located in the receiversub-system 117, in which case the communication 104 between the codeentry module 103 and the signature database 105 can also be performedover a secure wireless communication channel such as the one used by theaccess signal 108. In the event that the secure access system is beingapplied to providing secure access to a PC, then the secured PC canstore the biometric signature of the authorised user in internal memory,and the PC can be integrated into the receiver sub-system 117 of FIG. 1.

In the event that the sub-system 116 is implemented as a remote fob, thecombination of the biometric verification and the strongly encryptedwireless communication provides a particularly significant advantageover current systems. The remote key fob arrangement allows easyinstallation, since the wired communication path 404 (see FIG. 1) isavoided. Other existing wiring elements of the present systems 400 canbe used where appropriate. When the sub-system 116 is implemented as aremote fob, the fob incorporates the biometric (eg fingerprint)authentication arrangement, in which case only one biometric signatureis stored in the fob. This arrangement reduces the requirements on thecentral database 115. Once the key fob authenticates the user throughbiometric signature (eg fingerprint) verification, the rolling code inthe access signal 108 is transmitted to the controller 109 forauthorisation of the user for that location at that time.

In addition to authenticating the user 101 the biometric sensor 121 inthe code entry module 103 in conjunction with the controller 107 canalso check other access privileges of the user 101. These accessprivileges can be contained in the database 105 which can be locatedeither locally in the remote key fob, or in the receiver sub-system 117as previously described. In one example, Tom Smith can firstly beauthenticated as Tom Smith using the thumb press by Tom on the biometricsensor panel (not shown). After Tom's personal biometric identity isauthenticated, the transmitter sub-system 116 can check if Tom Smith isin fact allowed to use the particular door secured by the device 111 onweekends. Thus the security screening offered by the describedarrangement can range from simple authentication of the user's identity,to more comprehensive access privilege screening.

The incorporation of the biometric sensor 121 into the code entry module103 in the form of a remote key fob also means that if the user 101loses the remote key fob, the user need not be concerned that someoneelse can use it. Since the finder of the lost key fob will not be ableto have his or her biometric signal authenticated by the biometricsensor 121 in the code entry module 103, the lost key fob is useless toanyone apart from the rightful user 101.

The transmitter sub-system 116 is preferably fabricated in the form of asingle integrated circuit (IC) to reduce the possibility of anauthorised person bypassing the biometric sensor 121 in the code entrymodule 103 and directly forcing the controller 107 to emit the rollingcode access signal 108.

FIG. 3 shows the method of operation of the remote control module (i.e.the sub-system 116) of FIG. 2. The method 200 commences with a testingstep 201 in which the biometric sensor 121 in the code entry module 103checks whether a biometric signal 102 is being received. If this is notthe case, then the method 200 is directed in accordance with an NO arrowback to the step 201 in a loop. If, on the other hand, the biometricsignal 102 has been received, then the method 200 is directed inaccordance with a YES arrow to a step 202. The step 202 compares thereceived biometric signal 102 with information in the biometricsignature database 105 in order to ensure that the biometric signalreceived 102 is that of the rightful user 101 of the sub-system 116.

A subsequent testing step 203 checks whether the comparison in the step202 yields the desired authentication. If the biometric signaturematching is authenticated, then the process 200 is directed inaccordance with a YES arrow to a step 204. The authentication of thebiometric signature matching produces an accessibility attribute for thebiometric signal 102 in question. The accessibility attributeestablishes whether and under which conditions access to the controlleditem 111 should be granted to a user. Thus, for example, theaccessibility attribute may comprise one or more of an access attribute(granting unconditional access), a duress attribute (granting access butwith activation of an alert tone to advise authorities of the duresssituation), an alert attribute (sounding a chime indicating that anunauthorised, but not necessarily hostile, person is seeking access, anda telemetry attribute, which represents a communication channel forcommunicating state information for the transmitter sub-system to thereceiver sub-system such as a “low battery” condition. The step 204enables the user 101 to select a control option by providing one or moreadditional signals (not shown) to the controller 107. Thus for examplethe control option could enable the user 101 to access one of a numberof secure doors after his or her identity has been authenticated in thestep 203. In the subsequent step 205 the controller 107 sends theappropriate access signal 108 to the controller 109. The process 200 isthen directed in accordance with an arrow 206 back to the step 201.

Thus for example the sub-system 116 can be provided with a singlebiometric sensor 121 in the code entry module 103 which enables the user101 to select one of four door entry control signals by means ofseparate buttons on the controller 107 (not shown). This would enablethe user 101, after authentication by the biometric sensor 121 in thecode entry module 103 and the controller 107 to obtain access to any oneof the aforementioned for secure doors.

Returning to the testing step 203, if the signature comparison indicatesthat the biometric signal 102 is not authentic, and has thus not beenreceived from the proper user, then the process 200 is directed inaccordance with a NO arrow back to the step 201. In an alternatearrangement, the NO arrow from the step 203 could lead to a disablingstep which would disable further operation of the sub-system 116, eitherimmediately upon receipt of the incorrect biometric signal 102, or aftera number of attempts to provide the correct biometric signal 102.

FIG. 4 shows the method of operation of the control sub-system 117 ofFIG. 2. The method 300 commences with a testing step 301 whichcontinuously checks whether the access signal 108 has been received from107. The step 301 is performed by the controller 109. As long as theaccess signal 108 is not received the process 300 is directed inaccordance with a NO arrow in a looping manner back to the step 301.When the access signal 108 is received, the process 300 is directed fromthe step 301 by means of a YES arrow to a step 302. In the step 302, thecontroller 109 compares the rolling code received by means of the accesssignal 108 with a reference code in the database 115. A subsequenttesting step 303 is performed by the controller 109. In the step 303 ifthe code received on the access signal 108 is successfully matchedagainst the reference code in the database 115 then the process 300 isdirected in accordance with a YES arrow to a step 304.

In the step 304 the controller 109 sends the control signal 110 to thecontrolled item 111 (for example opening the secured door). The process300 is then directed from the step 304 as depicted by an arrow 305 backto the step 301. Returning to the testing step 303 if the code receivedon the access signal 108 is not successfully matched against thereference code in the database 115 by the controller 109 then theprocess 300 is directed from the step 303 in accordance with a NO arrowback to the step 301.

As was described in regard to FIG. 3, in an alternate arrangement, theprocess 300 could be directed, if the code match is negative, from thestep 303 to a disabling step which would disable the sub-system 117 ifthe incorrect code where received once or a number of times.

FIG. 5 shows incorporation of a protocol converter into the arrangementof FIG. 2. In the arrangement of FIG. 2 the receiver 118 in thecontroller 109 is able to directly receive and process the rolling codein the access signal 108 in a manner as to provide, as depicted by thearrow 120, the necessary information to the controller 109. FIG. 5 showshow an existing controller depicted by a reference numeral 109′ thatuses Wiegand input signalling can be used in the disclosed arrangementwhen alarm systems are upgraded. FIG. 5 shows how the incoming accesssignal 108 is received by a receiver 118′ as is the case in FIG. 2. InFIG. 5 however the receiver 118′ provides, as depicted by an arrow 503,the received rolling code from the access signal 108 to a rollingcode/Wiegand protocol converter 501. The converter 501 converts, asdepicted by an arrow 504, the incoming rolling code 503 to a form thatcan be used by the controller 109′ that is designed to handle Wiegandprotocol incoming signals. Therefore, the converted incoming signal 504is in the Wiegand format.

The converter 501 uses a microprocessor-based arrangement runningsoftware code to process the incoming rolling code information 503 anddecode this information 503 to clear text form. The converter 501converts this clear text to a Wiegand variable bit-length data stream.In FIG. 2, the receiver 118 performs the conversion of the incomingrolling code access signal 108 to clear text which enables thecontroller 109 to identify the serial number of the originating key fobsub-system 116 to enable the access rights of the user to be verified.

Further to the Wiegand conversion arrangement, the protocol converter501 approach can be adapted to convert between the incoming rolling code503 (or any other appropriate secure code) to any other convenientprotocol used by the controller 169′

The advantage of the rolling code/Wiegand converter 501 is that securitysystem upgrades can be made without replacing Wiegand compatiblecontroller 109′. Accordingly, existing systems as are described in FIG.1 can be upgraded by replacing the code entry module 403 and thetransmission path 404, leaving the other components of the system 400(i.e., the controller 405, the code database 407, and the controlleditem 409, together with existing wiring 408 and 406), largely intact.Minor modifications might however be necessary. When upgrading systemsin this manner, the sub-system 116 can either be used in a remote fobconfiguration, or can be placed in a secure housing on an external doorjamb.

From a practical perspective, incorporating the protocol converter 501into an existing controller 109′ would require direct wiring of theconverter 501 into the housing of the secure controller 109′.

FIG. 6 shows another process 700 of operation of the remote accesssystem. The process 700 commences with a step 701 that determines if abiometric signal has been received by the biometric sensor 121 in thecode entry module in FIG. 2. If not, then the process 700 follows a NOarrow back to the step 701. If however a biometric signal has beenreceived, then the process 700 follows a YES arrow to a step 702 thatdetermines if the user ID database 105 in FIG. 2 is empty. This would bethe case, for example, if the code entry module is new and has neverbeen used, or if the user 101 has erased all the information in thedatabase 105.

If the database 105 is empty, then the process 700 is directed by anarrow 703 to 706 in FIG. 8 which depicts a process 800 dealing with theenrolment or the administration function for loading relevant signaturesinto the database 105. If on the other hand the database 105 is notempty, then the process 700 is directed to a step 704 that determines ifthe biometric signal that has been received is an administrator'sbiometric signal.

The disclosed remote entry system can accommodate at least three classesof user, namely administrators, (ordinary) users, and duress users. Theadministrators have the ability to amend data stored, for example, inthe database 105, while the ordinary users do not have this capability.The first user of the code entry module 103, whether this is the userwho purchases the module, or the user who programs the module 103 afterall data has been erased from the database 105, is automaticallycategorised as an administrator. This first administrator can direct thesystem 100 to either accept further administrators, or alternately toonly accept further ordinary users.

Although the present description refers to “Users”, in fact it is“fingers” which are the operative entities in system operation when thebiometric sensor 121 (see FIG. 2) is a fingerprint sensor. In thisevent, a single user can enrol two or more of his or her own fingers asseparate administrators or (ordinary) users of the system, by storingcorresponding fingerprints for corresponding fingers in the database 105via the enrolment process 800 (see FIG. 8).

Some class overlap is possible. Thus a stored signature can belong to anadministrator in the duress class.

The first administrator can provide control information to the codeentry module by providing a succession of finger presses to thebiometric sensor 121, providing that these successive presses are of theappropriate duration, the appropriate quantity, and are input within apredetermined time. In one arrangement, the control information isencoded by either or both (a) the number of finger presses and (b) therelative duration of the finger presses. If the successive fingerpresses are provided within this predetermined time, then the controller107 accepts the presses as potential control information and checks theinput information against a stored set of legal control signals.

One example of a legal control signal can be expressed as follows:

“Enrol an ordinary user”->dit, dit, dit, dah

where “dit” is a finger press of one second's duration (provided by theuser 101 in response to the feedback provided by the Amber LED asdescribed below), and “dah” is a finger press of two second's duration.

In the event that a legitimate sequence of finger presses are notdelivered within the predetermined time, then the presses are considerednot to be control information and merely to be presses intended toprovide access to the controlled item 111. Legitimate control sequencesare defined in Read Only Memory (ROM) in the controller 107.

The code entry module 103 has feedback signalling mechanisms 122,implemented for example by a number of LEDs, and 124, implemented by anaudio transducer. The LEDs 122 and the audio transducer 124 are used bythe controller to signal the state of the code entry module 103 to theuser 101, and to direct the administration process. Thus, in oneexample, three LEDs, being Red, Amber and Green are provided.

When the Amber LED is flashing, it means “Press the sensor”. When theAmber LED is steady ON, it means “Maintain finger pressure”. When theAmber LED is OFF, it means “Remove finger pressure”. When the systementers the enrolment state (depicted by the process 800 in FIG. 8), thenthe audio transducer 124 emits the “begin enrolment” signal (dit dit ditdit) and the Red LED flashes. Enrolment of a normal user (according tothe step 807 in FIG. 8) is signalled by the OK audio signal (dit dit)and a single blink of the Green LED.

Returning to the step 704, if the step determines that the biometricsignal received is an administrator's signal, then the process 700 isdirected by a YES arrow to 706 in FIG. 8 as depicted by the arrow 703.If on the other hand, the step 704 indicates that the received biometricsignal does not belong to an administrator then the process 700 isdirected by a NO arrow to 707 in FIG. 7.

FIG. 7 shows the access process 600 by which a biometric signal 102 (seeFIG. 2) is processed in order to provide access to the controlled item111, or to take other action. Entering the process at 707 from FIG. 6,the process 600 proceeds to a step 602 that compares the receivedbiometric signature to signatures stored in the database 105. Afollowing step 603 determines if the received signal falls into the“duress” category. Signatures in this category indicate that the user101 is in a coercive situation where, for example, an armed criminal isforcing the user 101 to access the secure facility (such as a bankdoor). If the step 603 determines that the signature is in the duressclass, then a following step 604 prepares a “duress” bit forincorporation into the code access signal 108. The aforementioned duressbit is an access attribute of the biometric signal 102. Thereafter theprocess 600 proceeds to a step 605.

Modules used in the code entry module for producing the rolling codeenable a number of user defined bits to be inserted into the accesssignal 108, and these bits can be used to effect desired controlfunctions in the receiver sub-system 117. The disclosed system 100utilises four such user bits, namely (a) to indicate that the userbelongs to the duress category, (b) to indicate a “battery low”condition, or other desired system state or “telemetry” variable, forthe code entry module 103, (c) to indicate that the biometric signalrepresents a legitimate user in which case the secure access to thecontrolled item 111 is to be granted, or (d) to indicate that thebiometric signal is unknown, in which case the controller 109 in thereceiver sub-system 117 sounds an alert tone using a bell (not shown) orthe like.

Returning to FIG. 7, if the step 603 determines that the biometricsignal is not in the duress class, then the process 600 proceedsaccording to a NO arrow to the step 605. The step 605 determines if thecode entry module 103 has a low battery condition, in which event theprocess 600 proceeds according to a YES arrow to a step 606 thatprepares a telemetry bit for insertion into the access signal 108. Theaforementioned telemetry bit is an access attribute of the biometricsignal 102. Thereafter, the process proceeds to a step 607.

If the step 605 determines that telemetry signalling is not required,then the process 600 proceeds according to a NO arrow to the step 607.The step 607 checks the biometric signal against the signatures in thedatabase 105. If the received biometric signal matches a legitimatesignature in the database 105, then the process is directed to a step608 that prepares an “access” bit for insertion into the access signal108. This access bit directs the controller 109 in the receiversub-system 117 to provide access to the controlled item 111. Theaforementioned access bit is an access attribute of the biometric signal102. The process 600 then proceeds to a step 610.

If the step 607 determines that the biometric input signal does notmatch any legitimate signatures in the database 105, then the process600 proceeds according to a NO arrow to a step 609 that prepares an“alert” bit for insertion into the access signal 108. The aforementionedalert bit is an access attribute of the biometric signal 102. This alertbit directs the controller 109 (a) not to provide access to thecontrolled item 111, and (b) to provide an alert tone, like ringing achime or a bell (not shown), to alert personnel in the vicinity of thereceiver sub-system 117 that an unauthorised user is attempting to gainaccess to the controlled item 111. The alert bit can also cause a cameramounted near the controlled item 111 to photograph the unauthorised userfor later identification of that person. The camera can be activated ifthe person attempting to gain access is unauthorised, and also if theperson attempting to gain access is authorised but uses a duresssignature.

An optional additional step (not shown) can prepare an identificationfield for insertion into the access signal 108. This sends, to thereceiver sub-system 117, ID information that the receiver sub-system canuse to construct an audit trail listing which users, having signaturesin the database 105, have been provided with access to the controlleditem 111.

The process 600 is then directed to the step 610 which inserts thevarious user defined bits into the access signal 108 and sends thesignal 108 to the receiver sub-system 117. Thereafter, the process 600is directed by an arrow 611 to 705 in FIG. 6.

FIG. 8 shows a process 800 for implementing various enrolmentprocedures. The process 800 commences at 706 from FIG. 6 after which astep 801 determines if the biometric signal is a first administratorsinput (which is the case if the database 105 is empty). If this is thecase, then the process 800 is directed to a step 802 that stores theadministrator's signature in the database 105. From a terminologyperspective, this first administrator, or rather the firstadministrator's first finger (in the event that the biometric sensor 121in FIG. 2 is a fingerprint sensor), is referred to as the “superfinger”.Further administrator's fingers are referred to as admin-fingers, andordinary users fingers are referred to merely as “fingers”. The reasonthat someone would enrol more than one of their own fingers into thesystem is to ensure that even in the event that one of their enrolledfingers is injured, the person can still operate the system usinganother enrolled finger.

It is noted that the step 802, as well as the steps 805, 807 and 809involve sequences of finger presses on the biometric sensor 121 inconjunction with feedback signals from the LEDs 122 and/or the audiospeaker 124. The process 800 then proceeds to a step 810 that determinesif further enrolment procedures are required. If this is the case, thenthe process 800 proceeds by a YES arrow back to the step 801. If nofurther enrolment procedures are required, then the process 800 proceedsby a NO arrow to 705 in FIG. 6.

Returning to the step 801, if the biometric signal is not a firstadministrator's signal, then the process 800 proceeds by a NO arrow to astep 803. The step 803 determines if a further administrator signatureis to be stored. It is noted that all signatures stored in the databaseare tagged as belonging to one or more of the classes of administrator,ordinary user, and duress users. If a further administrator signature isto be stored, then the process 800 proceeds by a YES arrow to the step802 that stores the biometric signal as a further administrator'ssignature.

If a further administrator's signature is not required, then the process800 proceeds according to a NO arrow to a step 804 that determines if aduress signature is to be stored. If this is the case then the process800 follows a YES arrow to a step 805 that stores a duress signature.The process 800 then proceeds to the step 810. If however the step 804determines that a duress signature is not required, then the process 800proceeds by a NO arrow to s step 806.

The step 806 determines if a further simple signature (i.e. belonging toan ordinary user) is to be stored. If a further simple signature is tobe stored, then the process 800 proceeds by a YES arrow to the step 807that stores the biometric signal as a further ordinary signature.

If a further simple signature is not required, then the process 800proceeds according to a NO arrow to a step 808 that determines if any orall signatures are to be erased from the database 105. If this is thecase then the process 800 follows a YES arrow to a step 809 that erasesthe desired signatures. The process 800 then proceeds to the step 810.If however the step 804 determines that no signatures are to be erased,then the process 800 proceeds by a NO arrow to the step 810.

FIG. 9 shows another enrolment process relating to the example of FIG.6. The process 900 commences at 706 from FIG. 6 after which a step 901determines if the received biometric signal comes from the firstadministrator. If this is the case, then the process 900 proceedsaccording to a YES arrow to a step 902. The step 902 emits an“Enrolment” tone and flashes the green LED once only. Thereafter, a step905 reads the incoming biometric signal which is provided by the user asdirected by the Amber LED. When the Amber LED flashes continuously, thisdirects the user to “Apply Finger”. When the Amber LED is in a steadyilluminated state, this directs the user to “Maintain Finger Pressure”.Finally, when the amber LED is off, this directs the user to “RemoveFinger”.

Returning to the step 901, if the incoming biometric signal does notbelong to the first administrator, then the process 900 proceedsaccording to a NO arrow to a step 903. The step 903 emits an “Enrolment”tone, and flashes the Red LED in an on-going fashion. Thereafter, theprocess 900 proceeds according to an arrow 904 to the step 905.

Following the step 905, a step 906 determines whether the incomingbiometric signal is legible. If this is not the case, then the process900 proceeds according to a NO arrow to a step 907. The step 907 emits a“Rejection” tone, after which the process 900 is directed, according toan arrow 908 to 705 in FIG. 6. Returning to the step 906, if theincoming biometric signal is legible, then the process 900 follows a YESarrow to a step 909. The step 909 determines whether the finger pressexceeds a predetermined time. If this is not the case, then the process900 follows a NO arrow to a step 910 which stores the biometric signal,which in the present case is a fingerprint signature. Thereafter theprocess 900 follows an arrow 911 to 705 in FIG. 6.

Returning to the step 909 if the finger press does exceed thepredetermined period, then the process follows a YES arrow to a step912. The step 912 erases relevant signatures depending upon theattributes of the incoming biometric signal. Thus, for example, if theincoming biometric signal belongs to an ordinary user, then the ordinaryuser's signature in the database 105 is erased by the step 912. If, onthe other hand, the incoming biometric signal belongs to the firstadministrator, then all the signatures in the database 105 are erased.Administrators who are not the first administrator can be granted eitherthe same powers as the first administrator in regard to erasure ofsignatures, or can be granted the same powers as ordinary user in thisrespect.

Once the step 912 has completed erasure of the relevant signatures, thenthe process 900 follows an arrow 913 to 705 in FIG. 6.

FIG. 10 is a schematic block diagram of the system in. FIG. 2. Thedisclosed secure access methods are preferably practiced using acomputer system arrangement 100′, such as that shown in FIG. 10 whereinthe processes of FIGS. 3-4, and 6-9 may be implemented as software, suchas application program modules executing within the computer system100′. In particular, the method steps for providing secure access areeffected by instructions in the software that are carried out underdirection of the respective processor modules 107 and 109 in thetransmitter and receiver sub-systems 116 and 117. The instructions maybe formed as one or more code modules, each for performing one or moreparticular tasks. The software may also be divided into two separateparts, in which a first part performs the provision of secure accessmethods and a second part manages a user interface between the firstpart and the user. The software may be stored in a computer readablemedium, including the storage devices described below, for example. Thesoftware is loaded into the transmitter and receiver sub-systems 116 and117 from the computer readable medium, and then executed under directionof the respective processor modules 107 and 109. A computer readablemedium having such software or computer program recorded on it is acomputer program product. The use of the computer program product in thecomputer preferably effects an advantageous apparatus for provision ofsecure access.

The following description is directed primarily to the transmittersub-system 116, however the description applies in general to theoperation of the receiver sub-system 117. The computer system 100′ isformed, having regard to the transmitter sub-system 116, by thecontroller module 107, input devices such as the bio sensor 121, outputdevices including the LED display 122 and the audio device 124. Acommunication interface/transceiver 1008 is used by the controllermodule 107 for communicating to and from a communications network 1020.Although FIG. 2 shows the transmitter sub-system 116 communicating withthe receiver sub-system 117 using a direct wireless link for the accesssignal 108, this link used by the access signal 108 can be effected overthe network 1020 forming a tandem link comprising 108-1020-108′. Theaforementioned communications capability can be used to effectcommunications between the transmitter sub-system 116 and the receiversub-system 117 either directly or via the Internet, and other networksystems, such as a Local Area Network (LAN) or a Wide Area Network(WAN).

The controller module 107 typically includes at least one processor unit1005, and a memory unit 1006, for example formed from semiconductorrandom access memory (RAM) and read only memory (ROM). The controllermodule 107 also includes an number of input/output (I/O) interfacesincluding an audio-video interface 1007 that couples to the LED display122 and audio speaker 124, an I/O interface 1013 for the bio-sensor 121,and the interface 1008 for communications. The components 1007, 1008,1005, 1013 and 1006 the controller module 107 typically communicate viaan interconnected bus 1004 and in a manner which results in aconventional mode of operation of the controller 107 known to those inthe relevant art.

Typically, the application program modules for the transmittersub-system 116 are resident in the memory 1006 iROM, and are read andcontrolled in their execution by the processor 1005. Intermediatestorage of the program and any data fetched from the bio sensor 121 andthe network 1020 may be accomplished using the RAM in the semiconductormemory 1006. In some instances, the application program modules may besupplied to the user encoded into the ROM in the memory 1006. Stillfurther, the software modules can also be loaded into the transmittersub-system 116 from other computer readable media, say over the network1020. The term “computer readable medium” as used herein refers to anystorage or transmission medium that participates in providinginstructions and/or data to the transmitter sub-system 116 for executionand/or processing. Examples of storage media include floppy disks,magnetic tape, CD-ROM, a hard disk drive, a ROM or integrated circuit, amagneto-optical disk, or a computer readable card such as a PCMCIA cardand the like, whether or not such devices are internal or external ofthe transmitter sub-system 116. Examples of transmission media includeradio or infra-red transmission channels as well as a network connectionto another computer or networked device, and the Internet or Intranetsincluding e-mail transmissions and information recorded on Websites andthe like.

INDUSTRIAL APPLICABILITY

It is apparent from the above that the arrangements described areapplicable to the security industry.

The foregoing describes only some embodiments of the present invention,and modifications and/or changes can be made thereto without departingfrom the scope and spirit of the invention, the embodiments beingillustrative and not restrictive.

The system 100 can also be used to provide authorised access to lightingsystems, building control devices, exterior or remote devices such asair compressors and so on. The concept of “secure access” is thusextendible beyond mere access to restricted physical areas.

1. A system for providing secure access to a controlled item, the systemcomprising: a database of biometric signatures; a transmitter subsystemcomprising: a biometric sensor for receiving a biometric signal; meansfor enrolling relevant signatures into the database using the biometricsensor; wherein the means for enrolling relevant signatures into thedatabase of biometric signatures comprises: means for receiving a seriesof entries of the biometric signal, said series being characterisedaccording to at least one of the number of said entries and a durationof each said entry; means for mapping said series into an instruction;and means for enrolling relevant signatures into the database accordingto the instruction; means for matching the biometric signal againstmembers of the database of biometric signatures to thereby output anaccessibility attribute if the matching is authenticated; and means foremitting a secure access signal conveying information dependent uponsaid accessibility attribute; said system further comprising: a receiversub-system comprising; means for receiving the transmitted secure accesssignal; and means for providing conditional access to the controlleditem dependent upon said information.
 2. A system according to claim 1,wherein the biometric sensor and the transmitter are located in a remoteportable key fob.
 3. A system according to claim 1 further comprising:means for providing a signal for directing input of the series ofentries of the biometric signal; means for incorporating into the secureaccess signal an identification field identifying the biometric signalif the signal matches a member of the database; and means forconstructing an audit trail of biometric signals provided to thebiometric sensor for the purpose of accessing the controlled item.
 4. Asystem according to claim 3, wherein the database of biometricsignatures comprises signatures in at least one of a systemadministrator class, a system user class, and a duress class.
 5. Asystem according to claim 4, wherein the accessibility attributecomprises: an access attribute if the biometric signal matches a memberof the database of biometric signatures; a duress attribute if thebiometric signal matches a member of the database of biometricsignatures and said member belongs to the duress class; and an alertattribute if the biometric signal does not match a member of thedatabase of biometric signatures.
 6. A system according to claim 5,wherein the controlled item is one of: a locking mechanism of a door;and an electronic lock on a Personal Computer (PC).
 7. A systemaccording to claim 5, wherein the database of biometric signatures islocated in at least one of the transmitter sub-system and the receiversub-system.
 8. A system according to claim 5, wherein said conditionalaccess comprises one of: provision of access to the controlled item ifthe accessibility attribute comprises an access attribute; provision ofaccess to the controlled item and sounding of an alert if theaccessibility attribute comprises a duress attribute; and denial ofaccess to the controlled item and sounding of an alert if theaccessibility attribute comprises an alert attribute.
 9. A systemaccording to claim 1, further comprising a control panel for receivingthe information and for providing the secure access requested.
 10. Asystem according to claim 9 wherein the control panel includes aconverter for receiving the secure wireless signal and for outputtingthe information.
 11. A system according to claim 9, wherein thebiometric sensor authenticates the identity of the user by comparing abiometric input from the user with a biometric signature for the user inthe biometric database.
 12. A system according to claim 9, wherein thesecure wireless signal comprises an RF carrier and a rolling code.
 13. Asystem according to claim 10, wherein the secure wireless signalcomprises an RF carrier and a rolling code, and the converter convertsthe rolling code to the Wiegand protocol.
 14. A transmitter sub-systemfor operating in a system for providing secure access to a controlleditem, the system comprising: a database of biometric signatures; areceiver sub-system comprising means for receiving a secure accesssignal transmitted by the transmitter sub-system, and means forproviding conditional access to the controlled item dependent uponinformation conveyed in the secure access signal; wherein thetransmitter subsystem comprises: a biometric sensor for receiving abiometric signal; means for enrolling relevant signatures into thedatabase using the biometric sensor; wherein the means for enrollingrelevant signatures into the database of biometric signatures comprises:means for receiving a series of entries of the biometric signal, saidseries being characterised according to at least one of the number ofsaid entries and a duration of each said entry; means for mapping saidseries into an instruction; and means for enrolling relevant signaturesinto the database according to the instruction; means for matching thebiometric signal against members of the database of biometric signaturesto thereby output an accessibility attribute if the matching isauthenticated; and means for emitting the secure access signal conveyingsaid information dependent upon said accessibility attribute.
 15. Atransmitter sub-system according to claim 14, wherein the biometricsensor and the transmitter are located in a remote portable key fob. 16.A transmitter sub-system according to claim 14 further comprising: meansfor providing a signal for directing input of the series of entries ofthe biometric signal; and means for incorporating into the secure accesssignal an identification field identifying the biometric signal if thesignal matches a member of the database, said identification field foruse in constructing an audit trail of biometric signals provided to thebiometric sensor for the purpose of accessing the controlled item.
 17. Atransmitter sub-system according to claim 16, wherein the database ofbiometric signatures comprises signatures in at least one of a systemadministrator class, a system user class, and a duress class.
 18. Atransmitter sub-system according to claim 17, wherein the accessibilityattribute comprises: an access attribute if the biometric signal matchesa member of the database of biometric signatures; a duress attribute ifthe biometric signal matches a member of the database of biometricsignatures and said member belongs to the duress class; and an alertattribute if the biometric signal does not match a member of thedatabase of biometric signatures.
 19. A transmitter sub-system accordingto claim 18, wherein the database of biometric signatures comprisessignatures in at least one of a system administrator class and a systemuser class.
 20. A transmitter sub-system according to claim 18, whereinthe database of biometric signatures is located in at least one of thetransmitter sub-system and the receiver sub-system.
 21. A receiversub-system for operating in a system for providing secure access to acontrolled item, the system comprising: a database of biometricsignatures; a transmitter subsystem comprising: a biometric sensor forreceiving a biometric signal; means for enrolling relevant signaturesinto the database using the biometric sensor; wherein the means forenrolling relevant signatures into the database of biometric signaturescomprises: means for receiving a series of entries of the biometricsignal, said series being characterised according to at least one of thenumber of said entries and a duration of each said entry; means formapping said series into an instruction; and means for enrollingrelevant signatures into the database according to the instruction, thetransmitter sub-system further comprising: means for matching thebiometric signal against members of the database of biometric signaturesto thereby output an accessibility attribute if the matching isauthenticated; and means for emitting a secure access signal conveyinginformation dependent upon said accessibility attribute; wherein thereceiver sub-system comprises; means for receiving the transmittedsecure access signal; and means for providing conditional access to thecontrolled item dependent upon said information.
 22. A receiversub-system according to claim 21 wherein the biometric sensor and thetransmitter are located in a remote portable key fob.
 23. A receiversub-system according to claim 21, wherein the database of biometricsignatures comprises signatures in at least one of a systemadministrator class and a system user class.
 24. A receiver sub-systemaccording to claim 23, wherein the accessibility attribute comprises: anaccess attribute if the biometric signal matches a member of thedatabase of biometric signatures; a duress attribute if the biometricsignal matches a member of the database of biometric signatures and saidmember belongs to the duress class; and an alert attribute if thebiometric signal does not match a member of the database of biometricsignatures.
 25. A receiver sub-system according to claim 24, whereinsaid conditional access comprises one of: provision of access to thecontrolled item if the accessibility attribute comprises an accessattribute; provision of access to the controlled item and sounding of analert if the accessibility attribute comprises a duress attribute; anddenial of access to the controlled item and sounding of an alert if theaccessibility attribute comprises an alert attribute.
 26. A receiversub-system according to claim 25, wherein the database of biometricsignatures is located in at least one of the transmitter sub-system andthe receiver sub-system.
 27. A method for providing secure access to acontrolled item, the method comprising the steps of: enrolling, by atransmitter sub-system, relevant signatures into a database using abiometric sensor, by receiving a series of entries of the biometricsignal, said series being characterised according to at least one of thenumber of said entries and a duration of each said entry, mapping saidseries into an instruction, and enrolling relevant signatures into thedatabase according to the instruction; receiving, by the transmittersub-system, a biometric signal; matching, by the transmitter sub-system,the biometric signal against members of the database of biometricsignatures to thereby output an accessibility attribute if the matchingis authenticated; emitting, by the transmitter sub-system, a secureaccess signal conveying information dependent upon said accessibilityattribute; and providing conditional access to the controlled itemdependent upon said information.
 28. A method according to claim 27,wherein the transmitter sub-system and the biometric sensor are locatedin a remote portable key fob.
 29. A method according to claim 27,wherein the database of biometric signatures comprises signatures in atleast one of a system administrator class, a system user class, and aduress class.
 30. A method according to claim 29, wherein theaccessibility attribute comprises: an access attribute if the biometricsignal matches a member of the database of biometric signatures; aduress attribute if the biometric signal matches a member of thedatabase of biometric signatures and said member belongs to the duressclass; and an alert attribute if the biometric signal does not match amember of the database of biometric signatures, and wherein the step ofproviding said conditional access comprises the steps of: providingaccess to the controlled item if the accessibility attribute comprisesan access attribute; providing access to the controlled item andsounding an alert if the accessibility attribute comprises a duressattribute; and denying access to the controlled item and sounding analert if the accessibility attribute comprises an alert attribute.
 31. Amethod for enrolling, by a transmitter subsystem, relevant signaturesinto a database of biometric signatures in a system for providing secureaccess to a controlled item, the system comprising: said database ofbiometric signatures; the transmitter sub-system comprising: a biometricsensor configured for receiving a biometric signal; means for enrollingrelevant signatures into the database using the biometric sensor; meansfor matching the biometric signal against members of the database ofbiometric signatures to thereby output an accessibility attribute if thematching is authenticated; and means for emitting a secure access signalconveying information dependent upon said accessibility attribute; and areceiver sub-system comprising: means for receiving the transmittedsecure access signal; and means for providing conditional access to thecontrolled item dependent upon information in said secure access signal;said method comprising the steps of: receiving, by the transmittersub-system, a series of entries of the biometric signal characterisedaccording to at least one of the number of said entries and a durationof each said entry; determining, by the transmitter sub-system, at leastone of the number of said entries and a duration of each said entry;mapping, by the transmitter sub-system, said series into an instruction;and enrolling, by the transmitter sub-system, said relevant signaturesinto the database according to the instruction.
 32. A method accordingto claim 31, wherein the transmitter subsystem is located in a remoteportable key fob.
 33. A method for transmitting a secure access signalin a system for providing secure access to a controlled item, the systemcomprising: a database of biometric signatures; a receiver sub-systemcomprising: means for receiving the secure access signal transmitted bya transmitter sub-system, the transmitter sub-system comprising abiometric sensor and being configured for enrolling relevant signaturesinto the database using the biometric sensor by receiving a series ofentries of the biometric signal, said series being characterisedaccording to at least one of the number of said entries and a durationof each said entry, mapping said series into an instruction, andenrolling relevant signatures into the database according to theinstruction; means for providing conditional access to the controlleditem dependent upon information conveyed in the secure access signal;said method comprising the steps of: receiving, by the transmittersub-system, a biometric signal by the biometric sensor; matching, by thetransmitter sub-system, the biometric signal against members of thedatabase of biometric signatures to thereby output an accessibilityattribute if the matching is authenticated; and emitting, by thetransmitter sub-system, the secure access signal conveying saidinformation dependent upon said accessibility attribute.
 34. A methodaccording to claim 33, wherein the transmitter sub-system is located ina remote portable key fob.
 35. A method for receiving a secure accesssignal in a system for providing secure access to a controlled item, thesystem comprising: a database of biometric signatures; a transmittersubsystem, comprising: a biometric sensor for receiving a biometricsignal; means for enrolling relevant signatures into the database usingthe biometric sensor by receiving a series of entries of the biometricsignal, said series being characterised according to at least one of thenumber of said entries and a duration of each said entry, mapping saidseries into an instruction, and enrolling relevant signatures into thedatabase according to the instruction; means for matching the biometricsignal against members of the database of biometric signatures tothereby output an accessibility attribute if the matching isauthenticated; and means for emitting a secure access signal conveyinginformation dependent upon said accessibility attribute, said methodcomprising the steps of: receiving the transmitted secure access signal;and providing conditional access to the controlled item dependent uponsaid information.
 36. A method according to claim 35, wherein thetransmitter sub-system is located in a remote portable key fob.
 37. Anapparatus for providing secure access to a controlled item, saidapparatus comprising: a transmitter sub-system comprising: a biometricsensor for receiving a biometric signal; means for enrolling relevantsignatures into a database using the biometric sensor; wherein the meansfor enrolling relevant signatures into the database of biometricsignatures comprises: means for receiving a series of entries of thebiometric signal, said series being characterised according to at leastone of the number of said entries and a duration of each said entry;means for mapping said series into an instruction; and means forenrolling relevant signatures into the database according to theinstruction; the transmitter sub-system further comprising: means formatching the biometric signal against members of the database ofbiometric signatures to thereby output an accessibility attribute if thematching is authenticated; and means for emitting a secure access signalconveying information dependent upon said accessibility attribute; andwherein conditional access is provided to the controlled item dependentupon said information.
 38. A method according to claim 37, wherein thetransmitter sub-system is located in a remote portable key fob.
 39. Anapparatus, in a transmitter sub-system, for enrolling relevantsignatures into a database of biometric signatures in a system forproviding secure access to a controlled item, the system comprising:said database of biometric signatures; the transmitter subsystem,comprising: a biometric sensor for receiving a biometric signal; meansfor enrolling relevant signatures into the database using the biometricsensor; means for matching the biometric signal against members of thedatabase of biometric signatures to thereby output an accessibilityattribute if the matching is authenticated; and means for emitting asecure access signal conveying information dependent upon saidaccessibility attribute; the system further comprising: a receiversub-system comprising: means for receiving the transmitted secure accesssignal; and means for providing conditional access to the controlleditem dependent upon information in said secure access signal; saidapparatus comprising: means for receiving a series of entries of thebiometric signal; means for determining at least one of the number ofsaid entries and a duration of each said entry; means for mapping saidseries into an instruction; and means for enrolling relevant signaturesinto the database according to the instruction.
 40. An apparatusaccording to claim 39, wherein the transmitter sub-system is located ina remote portable key fob.
 41. A method of enrolling a biometricsignature into a database of biometric signatures in a system forproviding secure access to a controlled item, the system comprising:said database of biometric signatures; a transmitter subsystem forreceiving a biometric signal, the transmitter sub-system comprising: abiometric sensor; means for enrolling relevant signatures into thedatabase using the biometric sensor; wherein the means for enrollingrelevant signatures into the database of biometric signatures comprises:means for receiving a series of entries of the biometric signal, saidseries being characterised according to at least one of the number ofsaid entries and a duration of each said entry; means for mapping saidseries into an instruction; and means for enrolling relevant signaturesinto the database according to the instruction; means for matching thebiometric signal against members of the database of biometric signaturesto thereby output an accessibility attribute if the matching isauthenticated; and means for emitting a secure access signal conveyinginformation dependent upon said accessibility attribute; the systemfurther comprising: a receiver sub-system comprising: means forreceiving the transmitted secure access signal; and means for providingconditional access to the controlled item dependent upon information insaid secure access signal; said method comprising the steps of:receiving a biometric signal; and enrolling the relevant signatures intothe database using the biometric sensor as an administrator if thedatabase of biometric signatures is empty.
 42. A method according toclaim 41, wherein the transmitter sub-system is located in a remote keyfob.
 43. A method according to claim 41 wherein the enrolling stepcomprises receiving another biometric signal to confirm the enrolling ofthe biometric as an administrator.
 44. A method according to claim 43wherein the enrolling step is performed dependent upon generation of afeedback signal adapted to direct provision of at least one of thebiometric signal and the other biometric signal.